Description

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth and ssh_options modules) allows unauthenticated remote username enumeration via a timing side channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300 ms) for valid usernames, but returns immediately (~0 ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and lets an unauthenticated attacker distinguish valid from invalid usernames. The user_passwords and password options are documented as intended for test purposes; the recommended alternative, pwdfun, is not affected by this vulnerability. This vulnerability is associated with the program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl. This issue affects OTP from 29.0 before 29.0.2, corresponding to ssh from 6.0 before 6.0.1.
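The asymmetry the description reports, and the constant-work pattern that removes it, as an added Python illustration rather than OTP's own Erlang code (ssh_auth:check_password/3): the in-memory user store, the dummy record and the function names are assumptions of the example, and the iteration count follows the description.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # PBKDF2-SHA256 iteration count given in the description (~300 ms)
DERIVATIONS = 0       # counts PBKDF2 runs, so the work done per path can be checked

def derive(password: str, salt: bytes) -> bytes:
    """One PBKDF2-SHA256 derivation: the expensive step the timing leak hinges on."""
    global DERIVATIONS
    DERIVATIONS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    """(salt, hash) entry; a hypothetical stand-in for a user_passwords entry."""
    salt = os.urandom(16)
    return salt, derive(password, salt)

def vulnerable_check(store: dict, user: str, password: str) -> bool:
    """Unknown users return before any derivation: ~0 ms vs ~300 ms (CWE-208)."""
    rec = store.get(user)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(derive(password, salt), expected)

# Dummy record (random secret) so unknown users cost one derivation, like known ones.
DUMMY = make_record(os.urandom(32).hex())

def constant_work_check(store: dict, user: str, password: str) -> bool:
    """Always derive; an unknown user is checked against DUMMY and rejected anyway."""
    rec = store.get(user)
    salt, expected = rec if rec is not None else DUMMY
    ok = hmac.compare_digest(derive(password, salt), expected)
    return ok and rec is not None

def derivations_for(check, store: dict, user: str, password: str) -> int:
    """Number of PBKDF2 runs one check performs: what an observer sees as time."""
    before = DERIVATIONS
    check(store, user, password)
    return DERIVATIONS - before

if __name__ == "__main__":
    users = {"alice": make_record("correct horse")}  # constructed sample store
    for check in (vulnerable_check, constant_work_check):
        for user in ("alice", "nobody"):
            t0 = time.perf_counter()
            check(users, user, "wrong")
            print(f"{check.__name__:20}{user:8}{(time.perf_counter() - t0) * 1000:7.1f} ms")
```

The printed timings vary by host; the derivation count is the stable measure of the work each path does.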

Status: PUBLISHED | Reserved 2026-05-25 | Published 2026-06-10 | Updated 2026-06-10 | Assigner: EEF

Severity: MEDIUM 6.3 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-208 Observable Timing Discrepancy

Product status

Default status: unknown
6.0 (otp) before 6.0.1: affected

Default status: unknown
29.0 (otp) before 29.0.2: affected
032d1bc9491a3975c68faf9bc7776115d6ae3005 (git) before c342092ef4b369bb409d5b71ac8fd83bab74aedf: affected

Credits

Zhang Delong (finder)
Jakub Witczak (remediation developer)
Ingela Anderton Andin (remediation reviewer)
Michał Wąsowski (remediation reviewer)

References

github.com/...ng/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 (vendor-advisory, related)
cna.erlef.org/cves/CVE-2026-48859.html (related)
osv.dev/vulnerability/EEF-CVE-2026-48859 (related)
www.erlang.org/doc/system/versions.html
github.com/...ommit/c342092ef4b369bb409d5b71ac8fd83bab74aedf (patch)
cve.org (CVE-2026-48859)
nvd.nist.gov (CVE-2026-48859)
